Skip to main content

Elex Wordpress Helpdesk Customer Ticketing System

1 CVEs product

Monthly

CVE-2026-48964 HIGH This Week

SQL injection in the ELEX WordPress HelpDesk & Customer Ticketing System plugin (versions <= 3.3.6) allows authenticated users with low-privilege Subscriber accounts to inject arbitrary SQL into backend database queries. Successful exploitation results in high confidentiality impact with a scope change, enabling access to data beyond the plugin's own tables, plus limited availability impact. No public exploit identified at time of analysis, but the disclosure originates from Patchstack's WordPress plugin vulnerability program.

WordPress SQLi Elex Wordpress Helpdesk Customer Ticketing System
NVD
CVSS 3.1
8.5
EPSS
0.3%
EPSS 0% CVSS 8.5
HIGH This Week

SQL injection in the ELEX WordPress HelpDesk & Customer Ticketing System plugin (versions <= 3.3.6) allows authenticated users with low-privilege Subscriber accounts to inject arbitrary SQL into backend database queries. Successful exploitation results in high confidentiality impact with a scope change, enabling access to data beyond the plugin's own tables, plus limited availability impact. No public exploit identified at time of analysis, but the disclosure originates from Patchstack's WordPress plugin vulnerability program.

WordPress SQLi Elex Wordpress Helpdesk Customer Ticketing System
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy